One of the trends that we are seeing today is the convergence of security management and systems management.The better job you can do managing your infrastructure, the better equipped you will be to define and enforce security policies and controls across that infrastructure.There are few places where this convergence is more evident than the endpoint.

As the notion of a perimeter disappears, and we see the continued proliferation of an increasing number of traditional and non-traditional endpoints, such as servers, desktop PCs, laptops, ATMs, point-of-sale devices, and self-service kiosks, organizations are looking for a comprehensive approach to how they best manage and secure all of their endpoints.This includes, but is not limited to, identifying all of the endpoints that you have in your environment, managing the complete lifecycle of that endpoint, providing continuous security and compliance, effectively deploying patches in a timely manner and finally, managing the power usage of that endpoint.

Tivoli Endpoint Manager, built on BigFix technology, can address all of those needs, but in this blog, I want to focus on that last piece of the conversation, because it is one that does not immediately come to mind when people are typically thinking about the most critical elements of managing an endpoint.However, we have seen that effective power management is something that can actually pay for all of the other benefits that Tivoli Endpoint Manager can provide.You can ultimately end up saving money, the environment, and in the process, deploy critical security and systems management controls across all of your endpoints (even the ones you didn’t originally know you had).

In a recent article (click here), Penn State wrote about their deployment of Big Fix (now called Tivoli Endpoint Manager) and indicated that it could save them about $800,000 annually.At a large university like Penn State, they have thousands of computers that can be included in their power management initiative, and many of these computers are only heavily used during peak hours.Tivoli Endpoint Manager allows the Penn State IT staff to automatically put these computers in sleep mode when they aren’t in use.They are anticipating not only a significant ROI (about $800,000 annually), but are also hoping to reduce the amount of carbon dioxide released into the atmosphere by 60,000 tons.

One of the objections that people often bring up when it comes to power management for the endpoint is that it can interfere with the patch process.This is one of the areas where the convergence of security and systems management is so important.The policies that you create and enforce from a systems management perspective need to work hand-in-hand with the policies related to security management.For that reason, Tivoli Endpoint Manager was built on the core concepts of convergence, scalability and granular policy setting.It allows an IT staff to automatically wake computers at a designated time, apply required patches or enforce configuration policies, reboot, and then bring the endpoint back down to a hibernated, low energy state, or shut it down altogether.

The Chichester School District (click here) provides yet another great example of power management savings. This regional school district in Delaware County, Pennsylvania, manages more than 2,000 Microsoft Windows desktops and 50 Microsoft Windows servers throughout a six-school network.The Chichester School District implemented energy conservation using the power management capabilities of Tivoli Endpoint Manager to help reduce computing energy costs by 70 percent. Their IT team also uses the distributed “Wake-on-LAN” functionality to distribute and install patches to those machines that are turned off at night. This allows for a reduction of energy resources and confirms machines are securely patched—without impacting employee productivity.

The integrated patch and power management capabilities of IBM Tivoli Endpoint Manager provides IT staff with real-time information on remote endpoints to simplify patch processes, conserve energy and reduce on site troubleshooting.

So, I was at Pulse this year and was the source of a pretty constant ridicule for carrying around what felt like a fifty pound laptop bag.It was horrible, and inconvenient, and not even effective.I had hard copies of schedules that were out of date about 30 seconds after I clicked print.By the end of the conference I had calluses on my fingers and I couldn’t walk more than about ten steps without having to change hands.It was really a constant reminder that I need to go to the gym more.

Anyway, interestingly enough, most vendors in the endpoint security space have basically adopted this same approach in designing their technology.Incoming attacks get blocked by signatures, and in order to keep you “prepared,” some companies just create and update these huge signature files, shoot them across the network, fold their hands and hope they get properly installed, and then get right back to work because the files they just sent are more or less immediately out of date.I can tell you from experience that lugging around a bulky bag of incomplete, outdated information is no way to do your job.It’s also no way to keep your employees, and by extension, your company, ahead of threats.

What companies need to do is focus on what a defense-in-depth of the endpoint would really look like.It means you need a lot of things.You need to have antivirus and firewall protection.You need a patch process that actually works.You need centralized policy management that is easily enforceable.And, of course, you need all of this in real-time.Until recently, that also meant you needed a lot of aspirin.

With its acquisition of BigFix last July, IBM basically invested in the convergence of security and systems management, two pieces of the operational infrastructure that will continue to become more intertwined.You can’t just write the policy, or obtain the patch, you also need to be confident that these changes and updates are continually being enforced at every single endpoint.Try automatically applying patches to computers that aren’t turned on and you’ll pretty quickly understand why convergence is so important.

Up until this week there were four offerings that were part of the Tivoli Endpoint Manager suite of products, all of which are managed under the same roof.We have solutions for lifecycle management, security and compliance, power management and patch management.This week, we were pleased to announce Tivoli Endpoint Manager for Core Protection, a solution designed to add another layer of depth to your endpoint security posture.Tivoli Endpoint Manager for Core Protection is the result of the relationship between IBM and Trend Micro, and offers the real-time, lightweight threat protection that other endpoint security solutions can’t really compete with.

I spoke earlier about how other vendors were sending these huge signature files across their network, files that were outdated before you even figured out how to install them on your PC.Tivoli Endpoint Manager for Core Protection is different because while it does employ the use of some signature files, it also leverages the cloud to reduce the amount of information that needs to be sent across the network and also provides the real-time protection that static signature files cannot.As the cloud is updated with the latest threat information, so too are all of the endpoints that are in conversation with that cloud.

This has proven to be extremely effective. In a recent third party test, the Trend Micro technology blocked 100% of all incoming malware (the second place competitive product came in at 77%) by taking a multi-layer approach. Nearly all (97.5%) of the malware was detected and blocked in the first layer (URL reputation) and the remaining pieces of malware were blocked in the two subsequent layers of defense. Now, here's where it gets even more impressive. An hour after the original test, they again tested just the malware that got through URL reputation, but this time it did not get through even that first layer of defense. This is protective technology that is updating and hardening its defenses as new threats come in.

I don't think I really need to explain the importance of endpoint security to anyone reading this. We all have different things at stake, whether it's your back accounts, your music collection, confidential information for work or even just a photo album. What I can say is that 77% isn't good enough when it comes to protecting any of those things.

The strength of Tivoli Endpoint Manager is that it combines first-rate security with the systems management capabilities needed to ensure that protection is deployed across the entire infrastructure. When it comes to endpoint management, it's about no longer looking at technology in silos, it's about understanding why and how we can integrate different complementary offerings. Tivoli Endpoint Manager is built on that philosophy.

This new version has a number of features that extend NetView's extensive IP management and automation capabilities. With NetView for z/OS, customers are able to efficiently diagnose and correct network issues to minimize application downtime.

One of the key new features to this version is enhnaced Packet Tracing and Analysis. Per the Announcement Letter:

Packet trace: The NetView IP packet trace function has been enhanced to analyze the data in a packet trace to identify potential network and system problems. This enhancement significantly reduces the time needed for problem identification and diagnosis. From within the packet trace session analysis, individual connections can be dropped and the packet trace data can be saved for later retrieval or further analysis.

Other new features include a new consolidated message log (Canzlog) for NetView, z/OS system, and job logs, as well as support for the GDPS Active/Active continuous availability solution.

The benefits from cloud computing seem clear: cost
reduction, better flexibility, scale to meet business demands, etc.
...However, getting to cloud involves a lot of decisions. Learn how some of
your colleagues are leveraging Tivoli solutions to automate virtualized
environments and move to private clouds.

This FREE webcast will be followed a live Q&A session with the speakers.

Speaker: Mohamed Abdula, IBM Director, Service Automation and Cloud Solutions Product Management
Since joining IBM in 1996, Moe (Mohamed Abdula) held multiple technical
and management roles with significant experiences in Product
Development, Delivery, Portfolio Management, Business Operations as well
as Technical Support and Services. Moe's experiences spans multiple
Software Group brands with global team management experience.
Recently, Moe joined the Tivoli organization to assume responsibility
for Product Management and Strategy of the Service Automation and Cloud
Computing portfolios. Prior to joining IBM, Moe held a number of
research associate roles and lectured on early Object Oriented computing
concepts. Moe attended the University of Leeds in the UK, where he
received an honors bachelor's degree in Electronic and Computer
Engineering.

Speaker: Bowman Hall, IBM Director, Cloud Computing Client Engagements, IBM Software Group
Bowman Hall joined IBM in 1996 after IBM's acquisition of Tivoli
Systems, Inc. Bowman has had multiple technical and management roles
within IBM in technical support, education, consulting services and
technical sales, based in the US, UK and Spain. Since 2009, Bowman has
been responsible for Cloud Computing Client Engagements with the IBM
Software Group, where he leads early adopter customer projects and cloud
software implementations. Prior to joining IBM, Bowman was responsible
for managing distributed systems at Carnival Cruise Lines. Bowman
attended the University of Texas at Austin where he received a
bachelor's degree in mathematics.

Become a TUC member and Get Registered !

To participate
in this free webcast session you must be a registered member of the TUC. Please register now! Once you
become a member you can join a local or virtual user group, take advantage of
our online education and certification resources as well as our networking and
collaboration tools.

Other
benefits include; Pulse Conference Discounts codes; 40% Discount on Tivoli
books from IBM Press, Free certification testing at local user group meetings
and much more!

Tivoli will have a large presence at next month's Innovate2011 conference in Orlando, with over 30 sessions which highlight the Tivoli/Rational integration, and six booths in the solution expo. In addition, you can check out the Tivoli executive speaking engagements including Danny Sabbah (GM, Tivoli Software) at the executive summit presenting on
'Collaborative Development and Operations', Jamie Thomas (VP, Tivoli
Strategy and Development) on organizational agility and efficiency, and
Steve Robinson (GM, IBM Security Solutions) on 'Security in Industries'.

Also, be sure to check out the 'Service Management Simulator Experience' at Innovate, a hands-on role playing game focusing on the challenges and business value of
implementing Service Management best practices in a real life scenario!

The voting for papers at VMWorld has opened and we're looking for both IBMers and customers who want to hear about what IBM has to offer to visit the VMWorld website (registration required) and vote for your favorites.

Search for "IBM" to find our papers. Voting ends on May 18 so run, don't walk. You can vote on as many sessions as you’d like but you can only cast one vote per session.

Thank you for your support and we look forward to seeing you there in August.

Oh, how happy I am to have that application in my phone to download my favorite tune; and as an end-user I’m happy as long as my phone gets my directions correct. However, to deliver such a rich user experience what goes into the back-end is the design and delivery of an increasingly complex system of systems.

It’s about the ‘sustainable innovation with Integrated Service Management for Design and Delivery;’ where Tivoli and Rational software come together, bridging the gap between design, development, test with operational processes and together service the critical business needs.

Now that Pulse is in the rear view mirror, we can focus our attention on INNOVATE, Rational's flagship event for 2011.

Innovate 2011 is the event for software innovation. It is the conference totally focused on helping you transform software innovation and accelerate better business outcomes.

Need another reason to attend Innovate 2011?...You can also take part in the 'Service Management Simulator Experience', a hands-on game focusing on the challenges and business value of implementing Service Management best practices in a realistic and exhilarating scenario. Over the course of a few hours, you'll use gaming and role playing dynamics to mirror the real-world interaction between IT and the business, from both a strategic and operational perspective. In the end, you will come away with an actionable understanding of how the effectiveness of IT processes impacts your business!- For more information, visit the Simulator web page- Check out this 3-minute youtube video from a previous workshop- Read the rave reviews

- To register or if you have questions, send an email totivmktg@us.ibm.com

BTW...Readers of this blog may recall that we also conducted a simulator workshop at Pulse this year.

Join us and the Tivoli community at Innovate 2011 – it’s a great opportunity to network with your peers and take away valuable insight that you can use today. If you haven’t yet registered for the conference, you can register here.